6.857: Computer and Network Security

References

Related MIT Courses

Security books

There are three recommended
textbooks (not required!) for this course. In
addition, we have a number of other suggestions
collected over previous years. You're welcome to send
us suggestions if you find a security book you think
should be on this list.

Alfred Menezes, Paul van Oorschot, Scott Vanstone
Handbook of Applied Cryptography, CRC Press, 1997
This is a very comprehensive book. The best part is that you can
download this book online!
The hardcopy is very convenient though.

Bruce Schneier
Applied Cryptography, 2nd Edition, John Wiley & Sons, 1996
This is the best book to read for an introduction to applied
security and cryptography. There is much less math than the book by
Menezes et al. Sometimes statements are made without much
justification, but no other book even compares to this comprehensive
introduction to cryptography. The bibliography alone is worth buying
the book.

Christof Paar and Jan Pelzl
Understanding Cryptography, Springer, 2010
This is a new book. Initial impressions are good, but if you decide to look at it, we'd appreciate your feedback about it to see if it's good to use in this course!

Ross Anderson
Security Engineering, John Wiley & Sons, 2001
An excellent book on security in real world systems.

Bruce Schneier
Secrets and Lies, John Wiley & Sons, 2000
Schneier used to advocate good cryptography as the solution to
security problems. He has since changed his mind. Now he talks about
risk management and cost-benefit analysis.

Peter Neumann
Computer Related Risks, Addison-Wesley, 1995
Power grid failures. Train collisions. Primary and backup power
lines blowing up simultaneously. These events aren't supposed to
happen! Neumann offers a plethora of stories about the risks and
consequences of technology, gathered from his
Risks mailing list. On
a side note, Neumann is also responsible for coming up with the
pun/name "Unix."

Jakob Nielsen
Usability Engineering, Academic Press, 1993
There are a lot of non-intuitive GUIs out there for security
products. Anyone making a security product for use by humans should
learn about the principles of smart GUIs.

Charlie Kaufman, Radia Perlman, Mike Speciner
Network Security: Private Communication in a Public World, 2nd Edition, Prentice Hall, 2002
The authors discuss network security from a very applied approach.
There is a lot of discussion about real systems, all the way down to
the IETF RFCs and the on-the-wire bit representations. The authors
also have a fun, informal style.

Simson Garfinkel, Gene Spafford
Web Security, Privacy & Commerce, O'Reilly, 2002
It's hard to keep up with all the security software out there. But
these authors do a good job documenting it all. Garfinkel was an undergraduate and PhD student at MIT.

Papers

Most of the reading material in 6.857 comes from conferences on computer
and network security. Here is a list of the papers we hope to discuss; we
won't have time for everything. Send us a note if you see a paper that
greatly interests you.

comp.risks
archive via UseNet contains the latest few issues; it can also be
browsed via Discuss.

sci.crypt
archive via UseNet contains discussion of cryptography. A lot of the
stuff is questions by people unfamiliar with the topic or just
starting out, but there are sometimes useful postings in there too.